Home Malware Programs Malware 'Panda' Cryptojacking

'Panda' Cryptojacking

Posted: September 25, 2019

Cybercriminals love profiting via fraudulent cryptocurrency operations because tracking the money is nearly impossible in this case. One of the latest crypto-jacking campaigns is carried out by a group of crooks that have been given the name 'Panda.' The goal of the Panda hackers is to harvest the hardware resources of an infected computer and then use them to run a cryptocurrency miner that generates Monero (XMR) and send it to their wallets. According to a cybersecurity team who follows the 'Panda' Cryptojacking campaign closely, the perpetrators may have made over $100,000 already.

The Panda Group Uses Remote Access Trojans to Deploy Cryptocurrency Miners

To execute their attack, the Panda hackers rely on a wide range of tools, but it would appear that they emphasize on using Remote Access Trojans (RATs) to configure the cryptomining malware on the infected computer manually. It is not clear what RATs the group is using, but it is likely that they might be relying on more than one Trojan.

Apart from planting cryptomining malware on the computers of their victims, the criminals behind the 'Panda' Cryptojacking campaign also use the Mimikatz credential collecting tool. In addition to this, they attempt to infect more computers on the same network by using customized variants of the NSA exploits that were released by the Shadow Brokers group.

$100,000 in Profits and No Signs of Slowing Down

The hackers behind the Panda project have proven that they are in it for the long run by evolving their payloads, strategies, infection vectors and infrastructure constantly. The fact that they have already netted a profit of over $100,000 is a sure sign that they do not plan on stopping their operations anytime soon. We advise users and network administrators to patch their operating systems, software, and services, as well as invest in a reputable anti-virus product that can provide them with real-time protection against hacking attempts and malware.

Loading...